Vulnerability Description
categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks the pathname in an error message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Black Tie Project | Black Tie Project | 0.4b |
References
- http://www.iss.net/security_center/static/8439.phpPatchVendor Advisory
- http://www.securityfocus.com/archive/1/261681Vendor Advisory
- http://www.securityfocus.com/bid/4275ExploitVendor Advisory
- http://www.iss.net/security_center/static/8439.phpPatchVendor Advisory
- http://www.securityfocus.com/archive/1/261681Vendor Advisory
- http://www.securityfocus.com/bid/4275ExploitVendor Advisory
FAQ
What is CVE-2002-0446?
CVE-2002-0446 is a vulnerability with a CVSS score of 5.0 (MEDIUM). categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks the pathnam...
How severe is CVE-2002-0446?
CVE-2002-0446 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0446?
Check the references section above for vendor advisories and patch information. Affected products include: Black Tie Project Black Tie Project.